Re: duplicate library code in a package
On Wed, Sep 28, 2005 at 01:36:02PM -0400, Roberto C. Sanchez wrote:
> On Wed, Sep 28, 2005 at 12:07:08PM -0500, Carlo Segre wrote:
> > On Wed, 28 Sep 2005, Roberto C. Sanchez wrote:
> > >On Wed, Sep 28, 2005 at 06:15:12PM +0200, Tommaso Moroni wrote:
> > >>Hi!
> > >>
> > >>I'm packaging kchmviewer, which uses a version of chmlib bundled
> > >>in the upstream tarball.
> > >>
> > >>Is it a Bad Thing to use that library instead of depending on the
> > >>official packaged one?
> > >
> > >Yes(TM), it is a Bad Thing(TM).
> > >
> > >If the official library is suitable, then use it. It will:
> > >
> > >- absolve you of providing security support for the duplicate code
> > >- make the resulting binary packages fewer or smaller
> > >- save space on end user systems and repository mirror sites
> > >
> > Don't delete it form the upstream tarball though or your diffs will be huge.
> > Just disable the compilation in the makefiles.
> > Carlo
> An excellent point. I imagine that it would also be permissible to
> repackage the .orig.tar.gz file so that it is gone from there as well.
Usually only 3 reasons are sufficient justification for repackaging.
1) non DFSG material included;
2) large binaries included;
3) multiple "dependent" upstream source tarballs required for
building a single binary package
Bill lists some other ones here:
My comments within:
--- Files have stupid permissions.
This is probably not a valid reason, in itself; just run
chmod -R u=Xg=o= or whatever in ./debian/rules.
--- tarball contains files at the root.
As Joerg notes in the New Queue Reject Faq, this is not a valid
reason; dpkg-source deals with this just fine.
--- Some files are not DFSG free.
--- You can't add binary files (e.g. icons) in a diff. Using uuencode
is not optimal. Sometimes it is better to sneak them in the
That's one way; Theodore Ts'o does it by putting them in the .diff.gz.
--- tarball include large stuff that we don't want to package.
I think this is only sufficient justification if its very large, like
over 50% of the source package size, and tens of megabytes.
The other 3 things listed are also okay..